IMPORTANT: A 2.0 update has been released. Official support for v1.0 in this thread has come to an end.

There has been a lot of development going on around the PS3 since the discovery of the PS3Xploit (WebKit exploit) on 4.81 OFW. First we saw the IDPS dumper (4.81/2 OFW) released, with some big news & hope to come along with it, like a Flash Writer (downgrader) for OFW. So if you have been reluctant to buy a hardware flasher such as the E3 Flasher and bust open your PS3, but have been wanting to get your PS3 FAT (PHAT) console or your downgradable PS3 SLIM models (up to & including 25xx models with minimum installable version <= 3.56) on Custom Firmware, then here is your chance with a 100% SOFTWARE SOLUTION, thanks to the work of the PS3Xploit Team ( @bguerville, @esc0rtd3w & W) along with contributions from new team member @habib to help expedite this release.

Essentially, this software solution writes a patch to the CoreOS (on the NOR/NAND chip), and when the PS3 console is then rebooted you can install a Custom Firmware directly. Downgrading back to 3.55 is therefore not required in the process; rather, "Direct OFW to CFW patching" is done to allow Custom Firmware installation. Since this exploit is executed from 4.82 OFW, you can only install a 4.82 CFW. HOWEVER, if you wish to use an earlier firmware such as REBUG 4.81, once on 4.82 CFW you must TOGGLE QA using a toggle tool, which allows CFW users to freely switch between past and present CFW versions. Read more about this in the Frequently Asked Questions (FAQ) and in the details provided:

WARNING: USE THE PROVIDED flsh.hex AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****

Verify that the flsh.hex file is on a flash drive and that the drive is in the far-right USB slot!

4.82 flsh.hex MD5: 8E156C99101BF36EC3EDB832982AE46D

DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)

DO NOT USE ON PS3 Models 3xxx/4xxx (aka SuperSlims / Late Slim models); you will brick those consoles.

USE ONLY ON 4.82 OFW

PLEASE READ FIRST:

It's essential not to flood the browser memory with junk before running the exploit. Due to JavaScript core memory usage limitations, we scan a small range of browser memory (a few Mb) several times to find some essential data in RAM. If the memory is flooded, the range to scan becomes much larger & the probability that our data is found in the smaller range decreases dramatically.

So in short, never use the browser, or set a homepage that you then cancel, before running the exploit!

If you need to, set the homepage to 'blank', close the browser then reopen it to start the flash writer.

The NOR/NAND writer will just copy 3Mb of CoreOS data to both ros0 & ros1 in the flash memory.

There is only one version released for 4.82. The same hex patch file can be used on NOR & NAND.

It's as safe as possible: a check for the USB device & the patch file makes the exploit hang instead of corrupting flash if the file is not found.

In case of corruption (extremely rare, but it could always happen), it's only a partial brick because no per-console info ever gets erased, so a hardware flasher could still be used if a recovery reboot was ever impossible.

Usage Tips:

1) Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
2) If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
3) If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.

Steps:

1. Set up a small web server on a PC or smartphone. A custom miniweb application (from: https://sourceforge.net/projects/miniweb/files/), with small changes to the JavaScript, is supplied to host the files if you would like to use it. Don't come to us for explanations about how to run an HTTP server though. Google it.

2. Extract the files from release to your http server root folder.

2a- To use the miniweb.exe server, it is necessary to create a folder: htdocs
2b- The files *.html and *.js included in the zip files should be copied/moved to htdocs

3. Copy the "flsh.hex" file from release folder to root of flash drive.

4. Put a FAT32 USB key in port closest to BD Drive (/dev_usb000).

5. DOUBLE-CHECK your flash drive on XMB to make sure it shows up under Music, Photos, Videos, etc.

6. Open the PS3 browser File Address window, write the IP address of your server (and the port if not 80) & press the Start button.

7. Select the appropriate button for your console and wait for PS3 to power down. DO NOT STOP THE PROCESS ONCE STARTED!!

8. Once PS3 has powered down, reboot console and install CFW matching OFW version. If installing through XMB does not work, boot to recovery and install.


v1.0.0 - Initial Release.

Supports Dumping NOR on both 4.81 & 4.82.

bguerville tried to produce a release that was easy to port & he succeeded. Anyone able to search for offsets in IDA can add support to any firmware version in the dumper in a matter of minutes.

For technical reasons, the Full NAND dumper release is postponed. We will now be focusing on self execution & if we succeed there will be no need for the extra ROP work to do the NAND dumper. If we fail, I will finish it in ROP.

A lot of time has been invested into making the javascript + UI more efficient, as well as the trigger phase faster & more stable. I hope you enjoy the result.

Usage Tips:

1) Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
2) If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
3) If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.

Steps:

1. Set up a small web server on a PC or smartphone. A custom miniweb application (from: https://sourceforge.net/projects/miniweb/files/), with small changes to the JavaScript, is supplied to host the files if you would like to use it. Don't come to us for explanations about how to run an HTTP server though. Google it.

2. Extract the files from release to your http server root folder.

2a- To use the miniweb.exe server, it is necessary to create a folder: htdocs
2b- The files *.html and *.js included in the zip files should be copied/moved to htdocs

3. Put a FAT32 USB key in port closest to BD Drive (/dev_usb000).

4. DOUBLE-CHECK your flash drive on XMB to make sure it shows up under Music, Photos, Videos, etc.

5. Open the PS3 browser File Address window, write the IP address of your server (and the port if not 80) & press the Start button.

6. The dumper will detect the firmware version of your console automatically & set up the code appropriately, so there is only one version for both 4.81 & 4.82. Run until the PS3 beeps & shuts down. The flash dump should be a 16MB file on your USB drive as dump.hex.
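
An added example, not part of the PS3Xploit release: a PC-side check to run against the USB drive before it goes into the console, verifying flsh.hex against the MD5 published above and confirming that a dump.hex backup has the expected size. The function names, the reading of "16MB" as exactly 16 MiB and the blank-dump test are assumptions of this example.

```python
import hashlib
import sys
from pathlib import Path

# MD5 published on this page for the 4.82 flsh.hex. MD5 catches a bad copy or
# download; it is not collision-resistant.
FLSH_MD5 = "8E156C99101BF36EC3EDB832982AE46D"
# Assumption: the page's "16MB" NOR dump means exactly 16 MiB.
DUMP_SIZE = 16 * 1024 * 1024


def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so the whole image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_patch(path, expected=FLSH_MD5):
    """Return (ok, reason) for the patch file as it sits on the USB drive."""
    p = Path(path)
    if not p.is_file():
        return False, "missing"
    actual = md5_of(p)
    if actual.lower() != expected.strip().lower():
        return False, f"md5 mismatch: got {actual}"
    return True, "md5 matches"


def check_dump(path, expected_size=DUMP_SIZE):
    """Return (ok, reason) for a flash backup: right size and not a blank read."""
    p = Path(path)
    if not p.is_file():
        return False, "missing"
    size = p.stat().st_size
    if size != expected_size:
        return False, f"unexpected size: {size} bytes"
    data = p.read_bytes()
    if data and data.count(data[:1]) == len(data):
        return False, "every byte is identical (blank or failed read)"
    return True, "size and content look sane"


if __name__ == "__main__":
    # Usage: python preflight.py <USB drive root>  (script name is hypothetical)
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    results = {"flsh.hex": check_patch(root / "flsh.hex"),
               "dump.hex": check_dump(root / "dump.hex")}
    for name, (ok, reason) in results.items():
        print(f"{name}: {'OK' if ok else 'FAIL'} - {reason}")
    sys.exit(0 if all(ok for ok, _ in results.values()) else 1)
```

Run it on the copy that is on the flash drive rather than on the downloaded archive, so that a bad FAT32 copy is caught as well.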

Can I install a CFW before 4.82, such as Rebug 4.81 or an earlier CFW?

Yes, however you must Toggle QA Flag. Once the Token is activated you have the ability to then freely jump CFW versions. (see below for details)

How do I Toggle QA Flag?

When on a CFW, download & install >>> QA TOGGLER (Standalone). Note: it will just show a black screen, then reboot the PS3 and return to the XMB. After toggling QA, CFW syscalls will be disabled (meaning your CFW patches will be disabled until the next boot), so a reboot is required after the Toggler exits back to the XMB. Additional info about the QA flag can be seen here (& also @ PS3Devwiki).

Should I use the "999 Downgrader" vs "Toggle QA" to install a different CFW?

No. Installing the "999 downgrader" PUP can cause various issues; on a 3.56 minver console, for example, it will brick the console. Simply toggle the QA flag and play it safe; it makes it simple to move between CFW versions (up and down from version to version).

How do I know for sure if my PS3 model is compatible?

You must have a PS3 console that has a factory firmware of 3.56 or below.

Once it is shown on the list, select the PUP and install. Shortly after, there will be a message showing the factory firmware the console was shipped with.

For this we want 3.56 and below.

ANYTHING HIGHER THAN 3.56 IS NOT ABLE TO INSTALL A CFW. Sorry, this will not work for your console, but there could be a HEN (Homebrew Enabler) possible for running homebrew. Additional research and time are needed to achieve that; additional details can be read here.

What is the basic purpose of the Writer & Dumper Tools Release?

The dumper is to get a backup of the NOR chip.

The writer is to jailbreak your console (adding a patch to OFW to allow CFW installation).

Do I have to set up my own web server or can (has) someone host this?

For best results and security it's advised/recommended to set up a local web server to execute the WebKit exploit. The best unofficial host we have found is from developer RED and his page: http://redthetrainer.com/ps3/

How to go from Ferrox 4.82 to Rebug 4.81?

Question Raised Here, OR alternatively you can use this UNOFFICIAL modified version of REBUG 4.81.2 that will install on 4.82 (without QA FLAG, as it contains an edit to the syscon version) >>>> (View Tweet & Download Link)

Q: the console shut down and beeped when using the exploit, however I'm getting an error when trying to install cfw?

A: there are a couple of possible reasons for that:

1. Did you make sure you flashed the correct file (nand/nor)? See q/a above

2. Try different 4.82 CFWs and make sure the md5 is correct after copying to fat32 thumb drive.

3. Try a different USB thumb drive or reformat it.

4. Install OFW 4.82 two times in a row then apply the patch using the PS3Xploit flash writer & finally install a 4.82 CFW. That should always solve the issue.

5. As a last resort, make a backup and format internal HDD (I just read that solved the problem for one user).

Q: when will there be a CFW or a HEN type of hack for newer ps3 models?

CFW (Custom Firmware): Not Possible

HEN (Homebrew Enabler): you may be able to use homebrew (even backup managers) later on. The devs are working on it and they won't be faster or release it earlier because you ask. For those of you who have followed the Vita scene, the PS Vita / PlayStation TV use a HEN exploit (HENkaku), which gives you an idea of what a HEN is.

Keep dropping by this forum and you won't miss it once it's there. You will hear it first from psx-place.com, the official home of the PS3Xploit Team.

Q: okay, I got a cfw installed. What do I do now?

A: Read. There is a lot of information on this forum. Use search function for specific topics and check out this thread >> An Intro to CFW & PS3 Homebrew to get started.

Q: where can I download games?

A: From PSN, for anything else you may want to read the forums rules! psx-place.com


Comments

I want to ask some advice here.
I have a PS3 slim CECH 2504A with minimum version 3.60 or later.
I'm using cobra ode and it worked fine with ofw 3,60. But I accidentally upgraded the ofw to 4.82. Now my cobra ode doesn't work anymore.
I know that PS3 Exploit cannot be used to jailbreak PS3 with minimum ofw > 3.55
Can I use the PS3 Exploit to downgrade my ofw to 3,60 so I can use my cobra ode again?
What's the best solution for my problem?


No, you can't downgrade. Your best solution, buy another ps3 or wait for a new exploit for the one you have.

Thanx for the reply, I think I will wait until new exploit that will work for 3.60 minimum version.


Well technically you could already play your backups on ofw 4.82.
You can use the ofw 4.70 injection technique (described in various threads), of course you won't be able to inject directly as s#ny patched that injection vulnerability but there is a "workaround" for post 4.70 fw back-up files installation. Finally you can now copy a lic.dat file in the appropriate game directory using the ps3xploit tutorial files available on github.com/ps3xploit/pett.
It's obviously not an ideal way to install backups but while you wait for better, it might be an option for you...


I seem to recall reading that, but I didn't know it was a work around.


Technically it's a different method to install the files rather than just a workaround.
Anyway it's only a temporary suggestion as hopefully installing/playing backups on ofw should not be a problem for much longer...


So I had my fat CFW’d and didn’t like the cobra. Tried to switch it to rebug and now I get YLOD error. I’ve had YLOD many times and have flux repaired it and put in a fan mod to keep it ultra cool. Haven’t had any issues since, till I attempted a CFW change. If perhaps I’ve bricked it in this manner, where do I go to attempt a repair?
Thanks in advance

We've had quite a few noobs stumble into our discord after following random YouTube videos and flashing PS3xploit 2.0's flash.hex to their super slims / 3k / new 2.5k models. Generally, they've been coming to us while still in the browser and before they power off. Do you think it might be possible for someone to make a "recovery_flash.hex" that could be flashed to recover the soon-to-be-bricks (before they power off their console)? Alternatively, could you make the payload dump their flash and save it so that if they flash the wrong thing, they can hit a button to flash it back even if they didn't take a manual backup? Just some suggestions to maybe curb the amount of people bricking their consoles by blindly following YouTube guides.

I would try and make one, but honestly I don't want to mess up and make the bricks completely unrecoverable. In the past when I had a flasher, I would have, but I don't want to risk it and screw people over :P

You should have read & followed the instructions and paid attention to the multiple warnings including on screen. Your console was not compatible with these tools, you bricked it.
Only a hardware flasher can recover it.